FS#25713 - [php] php 5.3.7 has an extremely critical vulnerability, downgrade suggested
Attached to Project:
Arch Linux
Opened by Massimiliano Torromeo (mtorromeo) - Monday, 22 August 2011, 13:04 GMT
Last edited by Dave Reisner (falconindy) - Monday, 22 August 2011, 15:35 GMT
Opened by Massimiliano Torromeo (mtorromeo) - Monday, 22 August 2011, 13:04 GMT
Last edited by Dave Reisner (falconindy) - Monday, 22 August 2011, 15:35 GMT
|
Details
The latest "stable" release of PHP (5.3.7) has a critical
vulnerability in the crypt function, that may allow
unauthorized access to websites that use that function for
password verification and other similar situations.
See bug https://bugs.php.net/bug.php?id=55439 The PHP developers suggest on the frontpage (http://php.net/) to wait to upgrade until 5.3.8 is released (hopefully soon). |
This task depends upon
Closed by Dave Reisner (falconindy)
Monday, 22 August 2011, 15:35 GMT
Reason for closing: Fixed
Additional comments about closing: php-5.3.7-3
Monday, 22 August 2011, 15:35 GMT
Reason for closing: Fixed
Additional comments about closing: php-5.3.7-3
I still see 5.3.7-2 as the last published package (verified to be vulnerable). I'll wait for 5.3.7-3.
Thanks!